CloudSEK’s Global Threat Intelligence team has just uncovered a massive, evolving fraud operation targeting Canadian citizens through highly sophisticated impersonations of government services, Canada Post, and Air Canada. This isn’t your typical phishing scam – it’s a coordinated, multi-layered attack that’s exploiting the trust Canadians place in their public institutions.
Here’s what makes this urgent:
- 70+ fake domains impersonating canada.ca traffic portals discovered on shared infrastructure
- Threat actors are selling ready-made phishing kits on dark web forums for as little as $200-$300
- The operation targets every major Canadian province – BC (PayBC), Ontario (ServiceOntario), Quebec, and beyond
- Victims are losing banking credentials, credit card data, and Interac e-Transfer access
- The “PayTool” group has evolved from simple scams to mimicking entire government payment ecosystems
What’s particularly alarming is the sophistication: victims aren’t immediately asked for payment. Instead, they are walked through a “validation phase” requesting ticket numbers or booking references – building false trust before harvesting financial data through fake payment gateways that perfectly mimic legitimate processors.
The report reveals how this Phishing-as-a-Service model is democratizing fraud, with underground forums showing threat actors actively selling Ontario driver’s license phishing kits that claim to include “14 bank pages.”
This is a story with real public safety implications. As tax season approaches and travel increases, Canadians need to know how these scams operate and how to protect themselves.
Full technical report available here: https://www.cloudsek.com/blog/pivoting-from-paytool-tracking-various-frauds-and-e-crime-targeting-canada
This entry was posted on January 29, 2026 at 9:00 am and is filed under Commentary with tags CloudSEK.
Sophisticated Fraud Network Drains Canadians' Bank Accounts Through Fake Government Sites